shithub: jbig2


ref: 1c933c8c1d2beb7b6c6747c29fec58c6d6b8a02c
parent: 3eff8ef1daf4de5232cb432fd685f6befdac1906
author: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
date: Thu Jun 14 13:06:16 EDT 2012

Bug 693050 : Fixes CERT reported issues labelled SourceAvNearNull

--- a/jbig2_image.c
+++ b/jbig2_image.c
@@ -55,7 +55,7 @@
         image->data = jbig2_new(ctx, uint8_t, (int)check);
 	if (image->data == NULL) {
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1,
-            "could not allocate image data buffer! [%d bytes]\n", stride*height);
+            "could not allocate image data buffer! [%d bytes]", stride*height);
 		jbig2_free(ctx->allocator, image);
 		return NULL;
 	}
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -230,7 +230,7 @@
   Jbig2SymbolDict *SDEXSYMS = NULL;
   int32_t HCHEIGHT;
   uint32_t NSYMSDECODED;
-  int32_t SYMWIDTH, TOTWIDTH;
+  uint32_t SYMWIDTH, TOTWIDTH;
   uint32_t HCFIRSTSYM;
   uint32_t *SDNEWSYMWIDTHS = NULL;
   int SBSYMCODELEN = 0;
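Review bot: With `SYMWIDTH` and `TOTWIDTH` now `uint32_t`, a negative width delta decoded from the stream wraps to a very large value instead of going negative, so any `SYMWIDTH < 0` sanity check later in this function would become always false. The declarations sit at the top of a function whose body is outside the hunk, so whether such a check exists cannot be confirmed from here. If it does, the range test should run on the signed sum before it is stored, or be replaced by an explicit upper bound on the width. A comment on the declaration such as `/* unsigned: widths are validated against an upper bound, never tested for < 0 */` would record the intent.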
@@ -285,7 +285,7 @@
           goto cleanup1;
       }
       if (params->SDREFAGG) {
-          int tmp = params->SDINSYMS->n_symbols + params->SDNUMNEWSYMS;
+          int tmp = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
           for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < tmp; SBSYMCODELEN++);
           IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
           IARDX = jbig2_arith_int_ctx_new(ctx);
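Review bot: The sum on the `int tmp` line and the `(1 << SBSYMCODELEN) < tmp` loop remain unbounded after this change. If both counts are taken from the stream (their types and origin are not visible in the hunk), a sum above 2^30 drives the shift count to 31, which is undefined for a signed `int`, and a sum that wraps negative leaves `SBSYMCODELEN` at 0. Bounding the loop, `for (SBSYMCODELEN = 0; SBSYMCODELEN < 31 && (1 << SBSYMCODELEN) < tmp; SBSYMCODELEN++);`, and rejecting a sum that does not fit in `int` before this line would close both cases. The enclosing function starts and ends outside the hunk.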
@@ -543,7 +543,7 @@
 		      uint32_t ID;
 		      int32_t RDX, RDY;
 		      int BMSIZE = 0;
-		      int ninsyms = params->SDINSYMS->n_symbols;
+		      int ninsyms = params->SDNUMINSYMS;
 		      int code1 = 0;
 		      int code2 = 0;
 		      int code3 = 0;
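Review bot: Reading `ninsyms` from `params->SDNUMINSYMS` removes the NULL dereference on this line only. Any later use of `params->SDINSYMS` in this block for an `ID` below `ninsyms` (not visible in the hunk) still relies on the caller keeping the count at zero whenever the dictionary pointer is NULL. That invariant is not stated anywhere in the visible code; a comment here such as `/* SDNUMINSYMS must be 0 when SDINSYMS is NULL; set by the caller that fills params */` would make it checkable. An assertion or explicit test where `params` is populated would enforce it.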
@@ -960,17 +960,17 @@
   /* maybe #ifdef CONFORMANCE and a separate routine */
   if (!params.SDHUFF) {
     if (flags & 0x000c) {
-      jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
+      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
 		  "SDHUFF is zero, but contrary to spec SDHUFFDH is not.");
     }
     if (flags & 0x0030) {
-      jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
+      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
 		  "SDHUFF is zero, but contrary to spec SDHUFFDW is not.");
     }
   }
 
   if (flags & 0x0080) {
-      jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
+      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
         "bitmap coding context is used (NYI) symbol data likely to be garbage!");
   }
 
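Review bot: Raising these three calls to `JBIG2_SEVERITY_FATAL` does not stop decoding, because the return value of `jbig2_error` is discarded and control falls through to the next statement in each case. The jbig2_text.c hunk in this same commit shows the pattern that does stop, `code = jbig2_error(...)` followed by `goto cleanup2`. If the intent is to refuse these streams, each branch should propagate the result, for example `return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "...");`, or jump to whatever cleanup label this function uses. The function body continues outside the hunk, so any resources already allocated at this point need checking before choosing a bare `return`.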
--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -321,6 +321,14 @@
 		int code4 = 0;
 		int code5 = 0;
 
+		/* as must exist for refinement */
+		if (as == NULL)
+		{
+			code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				"as is NULL before refinement region");
+			goto cleanup2;
+		}
+
 		/* 6.4.11 (1, 2, 3, 4) */
 		if (!params->SBHUFF) {
 		  code1 = jbig2_arith_int_decode(params->IARDW, as, &RDW);
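Review bot: The new comment `/* as must exist for refinement */` and the message "as is NULL before refinement region" do not say what `as` is or why it can be NULL here. From the visible call `jbig2_arith_int_decode(params->IARDW, as, &RDW)` it is the arithmetic decoder state, so the comment could read `/* refinement decodes through the arithmetic decoder state 'as'; fail cleanly if it was never created */`. The brace on its own line after `if (as == NULL)` also differs from the `if (!params->SBHUFF) {` style used two lines below. The enclosing block starts and ends outside the hunk, so it cannot be seen whether this check runs once or per symbol instance; if the latter, it could be hoisted to where `as` is set up.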